Cannot register using RegisterUser and specifying IAM_IDENTITY_CENTER for IdentityType

shoki · May 27, 2025, 1:47pm

Hello.
I am using js/sdk of QuickSIght.
And I try to use RegisterUser API like below

    const input: RegisterUserCommandInput = {
      AwsAccountId: awsAccountId,
      Namespace: namespace,
      Email: email,
      IdentityType: IdentityType.IAM_IDENTITY_CENTER,
      UserRole: UserRole.ADMIN,
    };

    const command = new RegisterUserCommand(input);
    const result = await client.send(command);

After execute that api, I finally get Invalid resource identifiers provided. Please check the documentation. error.

Am i missing any parameter here?

DylanM · May 28, 2025, 6:40pm

Hello @shoki, welcome to the QuickSight community!

After a quick look into this it seems like you may need to include the IamArn for the IAM user or IAM role you are using. How are you creating the users in IAM? Depending on how the users are set up, some of the other parameters may be required for the IAM authentication and creation.

shoki · May 29, 2025, 12:36am

Thank yout for replying for my quiestion @DylanM !

I did not create ima user or ima role, but create ima identity center user.

When QuickSight is integrated with IAM Identity Center, can I use the RegisterUser API to add users?
Can I specify IAM_IDENTITY_CENTER for the identityType when creating it?

duncan · June 5, 2025, 4:14pm

Hello @shoki

I think @DylanM is correct that you will still need the IAM arn even though you are using Identity center.

I believe the ARN should look roughly like this: arn:aws:iam::<account-id>:sso:user/<identity-store-id>/<user-id>